Presentation is loading. Please wait.

Presentation is loading. Please wait.

Student Data Transparency and Security Act: What You Need to Know

Published byAmi Carpenter Modified over 6 years ago

Similar presentations

Presentation on theme: "Student Data Transparency and Security Act: What You Need to Know"— Presentation transcript:

1 Student Data Transparency and Security Act: What You Need to Know
(HB ) CALET 2017 Winter Conference

2 Agenda Overview & Breakdown Panel Q&A Table Top Next Steps Resources

3 Overview 2 Years in the Making
Sponsors worked collaboratively with: CASE/CALET, Parents, Vendors Intent is to increase transparency and security of student personally identifiable information (PII) We all have a role: State Board of Education Colorado Department of Education (CDE) Local Education Providers Software Vendors

4 Overview Caplan & Earnest: Breakdown:
Quick Reference Guide: Similarities to FERPA Breakdown: Definitions Policy Transparency Contract Rules

5 Key Definitions District School Teacher
"STUDENT PERSONALLY IDENTIFIABLE INFORMATION" means information that, alone or in combination, personally identifies a student or the student's parent or family, and that is collected, maintained, generated, or inferred by a public education entity, either directly or through a school service, or by a school service contract provider or school service on-demand provider. "SCHOOL SERVICE" Means an internet website, online service, online application, or mobile application that: (I) is designed and marketed primarily for use in a preschool, elementary school, or secondary school; (II) is used at the direction of teachers or other employees of a local education provider; and (III) collects, maintains, or uses student personally identifiable information. Exception: Does not include a service provider that is designed and marketed for use by individuals or entities, even if also marketed to schools "CONTRACT PROVIDER“ & "ON-DEMAND PROVIDER" District School Teacher

6 Policy - State Board of Education Requirements
Explain the types of student PII collected and create policies to protect the collected student PII Make available: A data dictionary with definitions and purpose including PII that LEPs must report for state/federal mandates Policies to comply with FERPA All data sharing agreements Detailed data security plan (including authorizing access, compliance standards, privacy and security audits, security breach procedures, PII retention, staff training) Requirements on how and why student data is shared

7 Policy - CDE Requirements
Develop a process for handling external data requests Must maintain on its website a list of all PII data agreements and associated contracts Cannot require LEP to provide PII, criminal records, health records, social security numbers, biometric info, political affiliations, or beliefs unless required by state/federal law Support and provide for LEPs: Sample privacy and protection policy Sample service provider contract language Data retention and destruction procedures Security breach planning Security and privacy training materials and, upon request, training services

8 Policy - LEP BOE Requirements
No later than 12/31/2017, must adopt policy for: student information privacy & protection hearing complaints from parents concerning the LEP's data policies If a contract provider “commits a material breach”, the BOE must hold a public meeting “within a reasonable time” to: Discuss material breach Allow response from contract provider Allow for public testimony Determine whether or not to continue with contract

9 Transparency - LEP Requirements
CONTRACT PROVIDERS: LEP Must maintain on website: Explanation of student PII data elements that the LEP collects and maintains Link to CDE’s data dictionary List of all service contract providers that the LEP contracts with and associated contract ON-DEMAND PROVIDERS: Must maintain on website “to the extent practicable, a list of the school service on-demand providers“ If the LEP has evidence of non-compliance with Terms of Service (ToS) or Act, the LEP is “strongly encouraged to cease or refuse to use” Must notify CDE and maintain on LEP website a list of on- demand providers with whom LEP ceases or refuses to do business

10 Transparency – Site Examples
Fountain – Ft. Carson Denver Public Schools

11 Transparency – Parent’s Rights
Right to inspect and review student's PII Request a paper or electronic copy of student's PII Request corrections to factually inaccurate student PII that an LEP maintains Can notify the LEP and provide “evidence” of any “substantial” non-compliance with “Terms of Service (ToS)” or Act

12 Contract – LEPs & Contract Provider Requirements
New or renewed agreements with contract providers must include the Act's restrictions & requirements Data Transparency Must provide clear information on what PII is collected and how it is used on website and to LEP Use of Data Can only use student PII for purposes authorized by the contract Cannot sell PII Cannot use PII for targeted advertising Must notify LEPs of material breach Data Destruction Must destroy student PII at the LEPs request or end of contract Various exceptions are allowed e.g. personalized learning, improving products, safety/security, etc. Caplan & Earnest, CASB, CDE

13 Timeline Timeframe Action Now
New or renewed agreements with contract providers must include the Act's restrictions & requirements 12/31/17 Must adopt policy, school service providers on website, educate staff 7/1/18 Small Rural districts get 6 additional months (CDE identifies “small rural” on geographic size of the district that enrolls fewer that 1,000 students K-12)

14 Panel Q&A Marcia Bohannon Chief Information Officer
Colorado Department of Education Lawrence DeHerrera Technology Administrator Fountain-Fort Carson School District 8 Sharyn Guhman Denver Public Schools Jarred Masterson Director of Technology East Central BOCES

15 Table Top Discussion What steps have you taken in your district?
Are you vetting the on demand providers and how? Have you discussed with Cabinet, Legal & BOE? How can CALET be helpful?

16 Next Steps Data Privacy & Security Addendum with new and renewed District contracts Work with schools to: Identify existing contract providers Include District data privacy & security addendum Change software procurement process Begin collecting contract provider’s contracts & PII Begin designing collection and review of on-demand providers Discuss with LEP Leadership, Legal, Administrators, etc. Work with CDE for policy, recommendations, and training

17 Resources https://goo.gl/T4niXQ THIS PRESENTATION
CoSN – Protecting Privacy Toolkit DQC – Who Uses Student Data? Caplan & Ernest – Quick Reference Guide Caplan & Ernest – Data Protection Addendum CDE Data Privacy & Security Lewis Palmer - Infographic Lewis Palmer - Presentation BVSD - Infographic CASB Common Sense Media Education DoE - Privacy Technical Assistance Center

Download ppt "Student Data Transparency and Security Act: What You Need to Know"

Similar presentations

Tamtron Users Group April 2001 Preparing Your Laboratory for HIPAA Compliance.

Tamtron Users Group April 2001 Preparing Your Laboratory for HIPAA Compliance.
FERPA: UPDATE ON THE FAMILY EDUCATIONAL RIGHTS AND PRIVACY ACT Presented by Brenda V. S. Selman University Registrar-MU University of Missouri-Columbia.

FERPA: UPDATE ON THE FAMILY EDUCATIONAL RIGHTS AND PRIVACY ACT Presented by Brenda V. S. Selman University Registrar-MU University of Missouri-Columbia.
FERPA Refresher Training Start. Page 2 of 11 Copyright © 2006 Arizona Board of Regents FERPA Refresher Training What is FERPA FERPA stands for Family.

FERPA Refresher Training Start. Page 2 of 11 Copyright © 2006 Arizona Board of Regents FERPA Refresher Training What is FERPA FERPA stands for Family.
Defining the Security Domain Marilu Goodyear John H. Louis University of Kansas.

Defining the Security Domain Marilu Goodyear John H. Louis University of Kansas.
Protection of privacy for all Students!

Protection of privacy for all Students!
Safeguarding Data to Ensure Effective Data Use Paige Kowalski |Director| State Policy & Advocacy July 2014.

Safeguarding Data to Ensure Effective Data Use Paige Kowalski |Director| State Policy & Advocacy July 2014.
Safeguarding Data to Ensure Effective Data Use Paige Kowalski |Director| State Policy & Advocacy April 2014.

Safeguarding Data to Ensure Effective Data Use Paige Kowalski |Director| State Policy & Advocacy April 2014.
FERPA Refresher Training Start. Page 2 of 11 Copyright © 2006 Arizona Board of Regents FERPA Refresher Training What is FERPA FERPA stands for Family.

FERPA Refresher Training Start. Page 2 of 11 Copyright © 2006 Arizona Board of Regents FERPA Refresher Training What is FERPA FERPA stands for Family.
HIPAA Basics Brian Fleetham Dickinson Wright PLLC.

HIPAA Basics Brian Fleetham Dickinson Wright PLLC.
HIPAA Privacy Training. 2 HIPAA Background Health Insurance Portability and Accountability Act of 1996 Copyright 2010 MHM Resources LLC.

HIPAA Privacy Training. 2 HIPAA Background Health Insurance Portability and Accountability Act of 1996 Copyright 2010 MHM Resources LLC.
COMPLYING WITH HIPAA PRIVACY RULES Presented by: Larry Grudzien, Attorney at Law.

COMPLYING WITH HIPAA PRIVACY RULES Presented by: Larry Grudzien, Attorney at Law.
PIPA PRESENTATION PERSONAL INFORMATION PROTECTION ACT.

PIPA PRESENTATION PERSONAL INFORMATION PROTECTION ACT.
What are my child’s rights under the Individuals with Disabilities Education Act? Randy Chapman The Legal Center for People with Disabilities and Older.

What are my child’s rights under the Individuals with Disabilities Education Act? Randy Chapman The Legal Center for People with Disabilities and Older.
Family Educational Rights and Privacy Act What you need to know...

Family Educational Rights and Privacy Act What you need to know...
Insights on the Legal Landscape for Data Privacy in Higher Education Rodney Petersen, J.D. Government Relations Officer and Security Task Force Coordinator.

Insights on the Legal Landscape for Data Privacy in Higher Education Rodney Petersen, J.D. Government Relations Officer and Security Task Force Coordinator.
FERPA 2008 New regulations enact updates from over a decade of interpretations.

FERPA 2008 New regulations enact updates from over a decade of interpretations.
Data Protection Paul Veysey & Bethan Walsh. Introduction Data Protection is about protecting people by responsibly managing their data in ways they expect.

Data Protection Paul Veysey & Bethan Walsh. Introduction Data Protection is about protecting people by responsibly managing their data in ways they expect.
Confidentiality and Public Information Act LISD Special Education Department Training SY 2012-2013.

Confidentiality and Public Information Act LISD Special Education Department Training SY
Colorado Children and Youth Information Sharing (CCYIS) Educational Stability Summit April 10, 2015.

Colorado Children and Youth Information Sharing (CCYIS) Educational Stability Summit April 10, 2015.
Family Educational Rights and Privacy Act. From the moment a child enters the school system, sensitive information is collected about the child (and even.

Family Educational Rights and Privacy Act. From the moment a child enters the school system, sensitive information is collected about the child (and even.

Similar presentations

Ads by Google